This article considers some of the ways in which the Financial Conduct Authority (the FCA) is seeking to hold individuals within financial institutions to account and how the regulatory regime for senior managers is changing.
The FCA has made clear its view that responsibility for the culture of firms sits at the top: if managers create the right culture, good regulatory practice and procedures will naturally follow. Consequently, where they share responsibility for conduct failings, the FCA will seek to hold senior managers to account as part of its credible deterrence strategy. High profile enforcement action against senior individuals has included action in connection with inadequate corporate governance arrangements (Kumagai, May 2012); oversight failures (Cummings, September 2012); failure to notify the regulator (Thiam, March 2013); paying insufficient regard to financial information and inadequate advice to the board (Willford, December 2013).
Where action is taken against individuals, the enhanced penalty regime in force since 2010 can result in higher fines based on a percentage of relevant income which may also be increased in certain circumstances for even greater deterrent effect (as in the March 2013 Carrimjee Decision Notice).
In addition, the publication of Decision Notices and the FCA’s recently acquired power to publish details concerning Warning Notices have raised the stakes for individuals. Although the FCA has confirmed that it will not normally identify individuals at the Warning Notice stage, preserving anonymity will be more difficult for key members of the senior management team, where not naming them could lead to others being mistakenly suspected or where publication is necessary to quash rumours.
However, enforcement is not the only way in which the FCA has been seeking to achieve its aims in relation to senior managers. The FCA is also making increased use of existing supervisory tools such as attestations, potentially with a view to facilitating future enforcement action, and is considering further enhancements to the regulatory regime as a result of the recommendations made by the Parliamentary Commission on Banking Standards. We will look at each of these in turn.
The FCA has recognised that it is often difficult to hold senior managers to account where they are removed from day-to-day operations and the establishment and maintenance of procedures and controls. In his evidence to the Treasury Select Committee in September 2013, Martin Wheatley, Chief Executive of the FCA, commented:
‘It has been hard to nail an individual against responsibility because matrix organisation structures, committee decision-making means that individuals always defuse responsibility and it ends up that you have to take action against a committee. So it is not the powers that are lacking, but frankly, evidence is hard to gather in a way that would allow you to take action.’
Making increased use of attestations is one of the ways in which the FCA is seeking to bridge this evidential gap and place accountability directly at the feet of senior managers.
Attestations are an informal tool whereby the FCA seeks an assurance of a particular compliance matter. They can be forwards or backwards looking and the FCA may look to a senior individual to put his or her name to a particular measure, effectively giving an implementation guarantee.
Those asked to give attestations are often placed in a difficult position, possibly concerned that a refusal may be perceived as a potential failure to co-operate or signal concern, provoking further unwelcome scrutiny. However, signing up to an attestation may risk exposure in any future investigation.
An example of the way in which attestations may become relevant in the context of enforcement action is provided by the Rabobank Final Notice published in October 2013 which imposed a fine of £105 million in connection with the manipulation of LIBOR. The FCA found that a March 2011 attestation that Rabobank’s LIBOR procedures were fit for purpose was inaccurate and should not have been made as it was. It remains to be seen whether any particular individuals will face enforcement action as a consequence but the decision highlights the care that must be taken when giving attestations.
Attestations should be limited where possible to the carrying out of specific tasks, rather than containing subjective general statements about systems and controls. Senior managers signing attestations should ensure that they can evidence that they have taken all reasonable steps to support the attestation. It may be prudent to create an internal ‘attestation pyramid’ which records the tasks delegated to more junior members of staff and measures taken by those responsible, including challenge and follow up as appropriate.
The impact of the June 2013 Parliamentary Commission on Banking Standards Report
In June 2013, the Parliamentary Commission on Banking Standards (the ‘Commission’) published its report, ‘Changing banking for good’, following an inquiry into professional standards within the UK banking sector (the ‘Report’). The Report concluded that many bankers, particularly at senior level, had been allowed to operate with little personal accountability and made recommendations for improving individual accountability in three key areas: (a) framework for individuals; (b) enforcement against individuals and (c) incentives for better behaviours.
Some of the recommendations have now been introduced by the Financial Services (Banking Reform) Act 2013 as follows:
(a) Framework for individuals: Senior Persons and Licencing
For deposit-taking entities, the existing Approved Persons Regime will be replaced by a ‘Senior Persons Regime’ to ensure that the most important responsibilities within banks are assigned to specific senior individuals
While the details of the new regime require consultation, key features will include individual attestations and the requirement to formally accept a written Statement of Responsibilities to ensure that a named individual is accountable for each key business risk. In addition, a new ‘licensing’ regime based on a set of individual standards will extend to less senior employees but whose actions or behaviour could seriously harm the bank, its reputation or its customers.
The FCA’s current view is that the existing Approved Persons Regime will continue to apply to all non-deposittaking entities but the Senior Persons Regime will become an ‘integral part’ of the FCA approach and the FCA will consider whether aspects of the new regime should be incorporated into the existing framework.
(b) Enforcement against individuals: Reckless mismanagement and other changes
A new criminal offence is being introduced for Senior Persons of reckless misconduct in the management of a bank.
The government has also accepted the Commission’s recommendations regarding: (i) an extension, in certain circumstances, of the three-year time limit for enforcement action against individuals; and (ii) the reversal of the burden of proof where enforcement action is taken against a bank such that Senior Persons must show that they took all reasonable steps to prevent or mitigate the effects of a specified failing.
(c) Incentives for better behaviour: the Remuneration Code
The Report recommended the introduction of a new statutory remuneration code to better align risks taken and rewards received, as well as a new power to cancel outstanding deferred remuneration for senior bank employees in the event of their employers needing taxpayer support.
The FCA believes that the Commission’s proposals can be achieved by adjusting the FSA’s 2009 Remuneration Code (the ‘Remuneration Code’). The FCA has, however, stated that it supports the Commission’s wider recommendations on remuneration, including the development of legal and contractual arrangements to allow deferred remuneration to be recouped in a wider range of circumstances. The FCA intends to work with the Prudential Regulation Authority (the PRA) on these proposals and may consult on any necessary changes to the Remuneration Code in 2014.
The FCA also agrees with the Commission that remuneration, including sales-based incentives, can cause conduct failings. In December 2013 the FCA imposed a fine of over £28 million on Lloyds TSB Bank plc and Bank of Scotland plc in connection with failings in controls over such incentive schemes. Following the publication in January 2013 of guidance on incentives, the FCA is currently conducting follow up work to see if firms are now managing the risks to consumers from sales based incentives and plans to publish the findings in the first quarter of 2014.
Speaking in October 2013, Tracey McDermott, the FCA’s Director of Enforcement and Financial Crime, highlighted that in 2012/13, the FCA took action against more individuals than firms imposing £5m in fines, 43 prohibitions and obtaining 13 criminal convictions. At the time of writing, 2013/14 has not yet seen significantly increased fines imposed on high profile individuals for management failings. However, the FCA has said that it will not be deterred by the difficulty of bringing such cases. There have been a number of institutional failures which may yet give rise to individual outcomes and the regime changes being introduced are intended to facilitate the FCA’s regulatory objective to hold more managers to account. A clear message is being sent to senior managers that they are now in the regulatory spotlight.